Add sanlock_use_nfs and sanlock_use_samba booleans
authorMiroslav Grepl <mgrepl@redhat.com>
Mon, 21 Nov 2011 11:28:14 +0000 (12:28 +0100)
committerMiroslav Grepl <mgrepl@redhat.com>
Mon, 21 Nov 2011 11:28:14 +0000 (12:28 +0100)
policy/modules/services/sanlock.te

index 0c1e385d6c60e4390f82fae51b4a3c8ec571d21b..96adff5961cd12faf6b7f0bf62ef2e86c1a52b6c 100644 (file)
@@ -5,6 +5,20 @@ policy_module(sanlock,1.0.0)
 # Declarations
 #
 
+## <desc>
+##  <p>
+##  Allow confined virtual guests to manage nfs files
+##  </p>
+## </desc>
+gen_tunable(sanlock_use_nfs, false)
+
+## <desc>
+##  <p>
+##  Allow confined virtual guests to manage cifs files
+##  </p>
+## </desc>
+gen_tunable(sanlock_use_samba, false)
+
 type sanlock_t;
 type sanlock_exec_t;
 init_daemon_domain(sanlock_t, sanlock_exec_t)
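Review bot: The `<desc>` text of both new tunables names the wrong subject: it says "confined virtual guests", but `sanlock_use_nfs` and `sanlock_use_samba` gate access for `sanlock_t` (see the `tunable_policy` blocks in the second hunk). The wording looks carried over from a virt boolean. This description is what an administrator reads when deciding whether to turn the boolean on, so it should state which domain gains access: `##  Allow sanlock to manage nfs files` and `##  Allow sanlock to manage cifs files`.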
@@ -61,6 +75,20 @@ init_dontaudit_write_utmp(sanlock_t)
 
 miscfiles_read_localization(sanlock_t)
 
+tunable_policy(`sanlock_use_nfs',`
+    fs_manage_nfs_dirs(sanlock_t)
+    fs_manage_nfs_files(sanlock_t)
+    fs_manage_nfs_named_sockets(sanlock_t)
+    fs_read_nfs_symlinks(sanlock_t)
+')
+
+tunable_policy(`sanlock_use_samba',`
+    fs_manage_cifs_dirs(sanlock_t)
+    fs_manage_cifs_files(sanlock_t)
+    fs_manage_cifs_named_sockets(sanlock_t)
+    fs_read_cifs_symlinks(sanlock_t)
+')
+
 optional_policy(`
        wdmd_stream_connect(sanlock_t)
 ')
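Review bot: Both `tunable_policy` blocks give `sanlock_t` the full manage set (`fs_manage_*_dirs`, `fs_manage_*_files`, `fs_manage_*_named_sockets`) on NFS and CIFS, and nothing in the commit shows that the daemon needs more than read/write access to its lease files. These filesystems normally carry a single label for the whole mount, so enabling either boolean would cover every such share on the host rather than one lease directory. I would drop the `fs_manage_nfs_named_sockets` and `fs_manage_cifs_named_sockets` lines unless a recorded denial justifies them. A comment above each block should state the reason for the remaining grants, e.g. `# sanlock lease files live on shared storage; dir management needed for <reason>`.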